FreeBSD: An Open Source Alternative to Linux

DruLavigne

UNIX is a registered trademark of The
Open Group in the United States and other countries.

Many of the designations used by
manufacturers and sellers to distinguish their products are claimed
as trademarks. Where those designations appear in this document,
and the FreeBSD Project was aware of the trademark claim, the
designations have been followed by the “™” or the
“Â®” symbol.

Copyright

Redistribution and use in source (XML DocBook) and 'compiled'
forms (XML, HTML, PDF, PostScript, RTF and so forth) with or without
modification, are permitted provided that the following conditions are
met:

Redistributions of source code (XML DocBook) must retain the
above copyright notice, this list of conditions and the following
disclaimer as the first lines of this file unmodified.

Redistributions in compiled form (transformed to other DTDs,
converted to PDF, PostScript, RTF and other formats) must
reproduce the above copyright notice, this list of conditions and
the following disclaimer in the documentation and/or other
materials provided with the distribution.

Important:

THIS DOCUMENTATION IS PROVIDED BY THE FREEBSD DOCUMENTATION
PROJECT "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE FREEBSD DOCUMENTATION PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.

Last modified on 2015-03-29 by jgh.

Abstract

The objective of this whitepaper is to explain some of the
features and benefits provided by FreeBSD, and where
applicable, compare those features to LinuxÂ®. This paper
provides a starting point for those interested in exploring
Open Source alternatives to LinuxÂ®.

1.Â Introduction

FreeBSD is a UNIXÂ® like operating system based on the
Berkeley Software Distribution. While FreeBSD and LinuxÂ® are
commonly perceived as being very similar, there are differences:

LinuxÂ® itself is a kernel. Distributions (e.g. Red Hat,
Debian, Suse and others) provide the installer and the
utilities available to the user. http://www.linux.org/dist
lists well over 300 distinct distributions. While giving
the user maximum flexibility, the existence of so many
distributions also increases the difficulty of transferring
one's skills from one distribution to another. Distributions
don't just differ in ease-of install and available programs;
they also differ in directory layout, available shells and
window managers, and software installation and patching
routines.

FreeBSD is a complete operating system (kernel and
userland) with a well-respected heritage grounded in the
roots of Unix development.
[1]
Since both the kernel and the
provided utilities are under the control of the same release
engineering team, there is less likelihood of library
incompatibilities. Security vulnerabilities can also be
addressed quickly by the security team. When new utilities
or kernel features are added, the user simply needs to read
one file, the Release Notes, which is publicly available on
the main page of the FreeBSD website.

FreeBSD has a large and well organized programming base
which ensures changes are implemented quickly and in a
controlled manner. There are several thousand programmers
who contribute code on a regular basis but only about 300 of
these have what is known as a commit bit and can actually
commit changes to the kernel, utilities and official
documentation. A release engineering team provides quality
control and a security officer team is responsible for
responding to security incidents. In addition, there is an
elected core group of 8 senior committers who set the
overall direction of the Project.

In contrast, changes to the Linux kernel ultimately have
to wait until they pass through the maintainer of kernel
source, Linus Torvalds. How changes to distributions occur
can vary widely, depending upon the size of each particular
distribution's programming base and organizational method.

While both FreeBSD and LinuxÂ® use an Open Source
licensing model, the actual licenses used differ. The Linux
kernel is under the GPL license while
FreeBSD uses the BSD license. These,
and other Open Source licenses, are described in more detail
at the website of the Open Source
Initiative.

The driving philosophy behind the GPL is to ensure that
code remains Open Source; it does this by placing
restrictions on the distribution of GPLd code. In contrast,
the BSD license places no such restrictions, which gives you
the flexibility of keeping the code Open Source or closing
the code for a proprietary commercial product.
[2]
Having
stable and reliable code under the attractive BSD license
means that many operating systems, such as Apple OS X
are based on FreeBSD code. It also means that if you choose
to use BSD licensed code in your own projects, you can do so
without threat of future legal liability.

2.Â FreeBSD Features

2.1.Â Supported Platforms

FreeBSD has gained a reputation as a secure, stable,
operating system for the IntelÂ® (i386™) platform. However,
FreeBSD also supports the following architectures:

amd64

i386™

pc98

SPARC64Â®

In addition, there is ongoing development to port FreeBSD
to the following architectures:

ARMÂ®

MIPSÂ®

PowerPCÂ®

Up-to-date hardware lists are maintained for each
architecture so you can tell at a glance if your hardware is
supported. For servers, there is excellent hardware RAID and
network interface support.

FreeBSD also makes a great workstation and laptop
operating system! It supports the X Window System, the same
one used in LinuxÂ® distributions to provide a desktop user
interface. It also supports over 13,000 easy to install
third-party applications,
[3]
including KDE, Gnome, and
OpenOffice.

Several projects are available to ease the installation of
FreeBSD as a desktop. The most notable are:

DesktopBSD which
aims at being a stable and powerful operating system for
desktop users.

PC-BSD which provides an
easy-to-use GUI installer for FreeBSD aimed at the desktop
user.

2.2.Â Extensible Frameworks

FreeBSD provides many extensible frameworks to easily
allow you to customize the FreeBSD environment to your
particular needs. Some of the major frameworks are:

Netgraph

Netgraph is a modular networking subsystem that
can be used to supplement the existing kernel networking
infrastructure. Hooks are provided to allow developers to
derive their own modules. As a result, rapid prototyping and
production deployment of enhanced network services can be
performed far more easily and with fewer bugs. Many existing
operational modules ship with FreeBSD and include support for:

PPPoE

ATM

ISDN

Bluetooth

HDLC

EtherChannel

Frame Relay

L2TP, just to name a few.

GEOM

GEOM is a modular disk I/O request
transformation framework. Since it is a pluggable storage
layer, it permits new storage services to be quickly developed
and cleanly integrated into the FreeBSD storage
subsystem. Some examples where this can be useful are:

Creating RAID solutions.

Providing full-blown cryptographic protection of stored data.

Newer versions of FreeBSD provide many administrative
utilities to use the existing GEOM modules. For example, one
can create a disk mirror using gmirror(8), a stripe
using gstripe(8), and a shared secret device using
gshsec(8).

MAC,
or Mandatory Access Control, provides fine-tuned access to
files and is meant to augment traditional operating system
authorization provided by file permissions. Since MAC is
implemented as a modular framework, a FreeBSD system can be
configured for any required policy varying from HIPAA
compliance to the needs of a military-grade system.

FreeBSD ships with modules to implement the following
policies; however the framework allows you to develop any
required policy:

Biba integrity model

Port ACLs

MLS or Multi-Level Security confidentiality policy

LOMAC or Low-watermark Mandatory Access Control data integrity policy

Process partition policy

PAM

Like LinuxÂ®, FreeBSD provides support for PAM,
Pluggable Authentication Modules. This allows an administrator
to augment the traditional UNIXÂ® username/password
authentication model. FreeBSD provides modules to integrate
into many authentication mechanisms, including:

Kerberos 5

OPIE

RADIUS

TACACS+

It also allows the administrator to define policies to
control authentication issues such as the quality of
user-chosen passwords.

3.Â Security

All security incidents and fixes pass through the
Security Team and are issued as publicly available
Advisories. The Security Team has a reputation for quickly
resolving known security issues. Full information regarding
FreeBSD's security handling procedures and where to find
security information is available at
http://www.FreeBSD.org/security/.

One of the problems associated with Open Source
software is the sheer volume of available applications. There
are literally tens of thousands of Open Source application projects
each with varying levels of responsiveness to security
incidents. FreeBSD has met this challenge head-on with VuXML. All software
shipped with the FreeBSD operating system as well any software
available in the Ports Collection
is compared to a database of known, unresolved
vulnerabilities. An administrator can use the pkg(7)
utility to quickly determine if any software on a FreeBSD
system is vulnerable, and if so, receive a description of the
problem and an URL containing a more detailed vulnerability
description.

FreeBSD also provides many mechanisms which allow an
administrator to tune the operating system to meet his security
needs:

The jail(8) utility allows an administrator
to imprison a process; this is ideal for applications which
don't provide their own chroot environment.

The chflags(1) utility augments the
security provided by traditional Unix permissions. It can, for
example, prevent specified files from being modified or
deleted by even the superuser.

The FreeBSD kernel is easily modified, allowing an
administrator to strip out unneeded functionality. FreeBSD
also supports kernel loadable modules and provides utilities
to view, load and unload kernel modules.

The sysctl mechanism allows an administrator to view
and change kernel state on-the-fly without requiring a
reboot.

4.Â Support

Like LinuxÂ®, FreeBSD offers many venues for support, both
freely available and commercial.

4.1.Â Free Offerings

FreeBSD is one of the best documented
operating systems, and the documentation is available both
as part of the operating system and on the Internet. Manual
pages are clear, concise and provide working
examples.
The FreeBSD Handbook
provides background information and configuration examples
for nearly every task one would wish to complete using
FreeBSD.

FreeBSD provides many support mailing
lists.
where answers are archived and fully searchable. If you have
a question that wasn't addressed by the Handbook, it most
likely has already been answered on a mailing list. The
Handbook and mailing lists are also available in several
languages, all of which are easily accessible from
http://www.FreeBSD.org.

If your project requires Common Criteria certification,
FreeBSD includes the TrustedBSD MAC
framework to ease the certification process.

5.Â Advantages to Choosing FreeBSD

There are many advantages to including FreeBSD solutions in
your IT infrastructure:

FreeBSD is well documented and follows many
standards. This allows your existing intermediate and advanced
system administrators to quickly transfer their existing Linux
and Unix skillsets to FreeBSD administration.

In-house developers have full access to all
FreeBSD code
[4]
for all releases going back to the original
FreeBSD release. Included with the code are all of the log
messages which provide context to changes and
bug fixes. Additionally, a developer can easily replicate any
release by simply checking out the code with the desired
label. In contrast, LinuxÂ® traditionally didn't follow this
model, but has recently adopted a more mature development
model.
[5]

In-house developers also have full access to
FreeBSD's
bug-tracking database. They are able to query and track
existing bugs as well as submit their own patches for approval
and possible committal into the FreeBSD base code.
../../../../support.html

The BSD license allows you to freely modify the
code to suit your business purposes. Unlike the GPL, there are
no restrictions on how you choose to distribute the resulting
software.

6.Â Conclusion

FreeBSD is a mature UNIXÂ®-like operating system which
includes many of the features one would expect in a modern UNIXÂ®
system. For those wishing to incorporate an Open Source solution
in their existing infrastructure, FreeBSD is an excellent choice
indeed.